Slashdot Mirror


10 Years After SQL Slammer

Trailrunner7 writes "Ten years ago today, on Jan. 25, 2003, a new worm took the Internet by storm, infecting thousands of servers running Microsoft's SQL Server software every minute. The worm, which became known as SQL Slammer, eventually became the fastest-spreading worm ever and helped change the way Microsoft approached security and reshaped the way many researchers handled advisories and exploit code. This is the inside story of SQL Slammer, told by David Litchfield, the researcher who found the bug and wrote the exploit code that was later taken by Slammer's authors and used as part of the worm."

2 of 58 comments

  1. Google Cache Version by Anonymous Coward · Score: 5, Informative
  2. Re:Security priorities have changed by eap · Score: 5, Informative

    So this guy "wrote the exploit code that was later taken by Slammer's authors and used as part of the worm", and he's not dead or serving an eleventy hojillion year federal prison sentence?

    Times change indeed...

    The article mentions he was paid by a company in Germany to penetrate their heavily-fortified SQL Server installations. This is when he developed the exploit code. Presumably it's not illegal for a company to pay you to security test its systems.

    He also took the steps of communicating the exploit to Microsoft before releasing the code. He even asked their permission before divulging the code, and didn't do so until MS had released a fully corrective patch.

    You're right, however, he'd be in jail if it happened today.